WebLogic app client PKI (CAC ) authentication
Has anyone done the client CACed (Common Access Card) Weblogic app? Can anyone point me to document?
We have a Weblogic app which is authenticated by LDAP. I have the requirement for enabling PKI client authentication.
Edited by: user12220476 on May 8, 2010 9:37 AM
PKI Based authentication if I am not wrong is Certificate Based Authentication.
You can achieve it by configuring 2 Way SSL with Weblogic Server.
Weblogic Server will validate the certificate presented by the client.
To know what configurations are reqd on WLS, go through this post.
http://secure-zone.blogspot.com/2009/10/configuring-two-way-ssl-between-client.html
You will get some idea.
Similar Messages
-
Weblogic JMS Client App fails creating queue connection
Using the example provided from installation: ...\bea\wlserver_10.0\samples\server\examples\src\examples\jms\queue\QueueBrowse.java
I can successfully connect and display the queue when this test app runs on the local Weblogic Server. When I run the test app on a remote server (not the Weblogic server), I get the following error:
Exception in thread "main" weblogic.jms.common.JMSException: [JMSClientExceptions:055053]Error creating connection to the server: java.rmi.MarshalException: failed to marshal connectionCreateRequest(Lweblogic.jms.frontend.FEConnectionCreateRequest;); nested exception is:
java.rmi.UnexpectedException: Failed to parse descriptor file; nested exception is:
java.lang.NullPointerException
at weblogic.jms.client.JMSConnectionFactory.setupJMSConnection(JMSConnectionFactory.java:258)
at weblogic.jms.client.JMSConnectionFactory.createConnectionInternal(JMSConnectionFactory.java:285)
at weblogic.jms.client.JMSConnectionFactory.createQueueConnection(JMSConnectionFactory.java:165)
at com.lodestarcorp.custom.QueueBrowse.init(QueueBrowse.java:53)
at com.lodestarcorp.custom.QueueBrowse.main(QueueBrowse.java:129)
Caused by: java.rmi.MarshalException: failed to marshal connectionCreateRequest(Lweblogic.jms.frontend.FEConnectionCreateRequest;); nested exception is:
java.rmi.UnexpectedException: Failed to parse descriptor file; nested exception is:
java.lang.NullPointerException
at weblogic.rjvm.BasicOutboundRequest.marshalArgs(BasicOutboundRequest.java:91)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:332)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:252)
at weblogic.jms.frontend.FEConnectionFactoryImpl_1001_WLStub.connectionCreateRequest(Unknown Source)
at weblogic.jms.client.JMSConnectionFactory.setupJMSConnection(JMSConnectionFactory.java:224)
... 4 more
Caused by: java.rmi.UnexpectedException: Failed to parse descriptor file; nested exception is:
java.lang.NullPointerException
at weblogic.rmi.internal.DescriptorManager.createRuntimeDescriptor(DescriptorManager.java:118)
at weblogic.rmi.internal.DescriptorManager.getBasicRuntimeDescriptor(DescriptorManager.java:89)
at weblogic.rmi.internal.DescriptorManager.getDescriptor(DescriptorManager.java:55)
at weblogic.rmi.internal.DescriptorManager.getDescriptor(DescriptorManager.java:41)
at weblogic.rmi.internal.OIDManager.makeServerReference(OIDManager.java:194)
at weblogic.rmi.internal.OIDManager.getReplacement(OIDManager.java:175)
at weblogic.rmi.utils.io.RemoteObjectReplacer.replaceSmartStubInfo(RemoteObjectReplacer.java:116)
at weblogic.rmi.utils.io.RemoteObjectReplacer.replaceObject(RemoteObjectReplacer.java:102)
at weblogic.rmi.utils.io.InteropObjectReplacer.replaceObject(InteropObjectReplacer.java:62)
at weblogic.utils.io.ChunkedObjectOutputStream.replaceObject(ChunkedObjectOutputStream.java:40)
at weblogic.utils.io.ChunkedObjectOutputStream$NestedObjectOutputStream.replaceObject(ChunkedObjectOutputStream.java:141)
at java.io.ObjectOutputStream.writeObject0(Unknown Source)
at java.io.ObjectOutputStream.writeObject(Unknown Source)
at weblogic.messaging.dispatcher.DispatcherWrapper.writeExternal(DispatcherWrapper.java:152)
at weblogic.jms.frontend.FEConnectionCreateRequest.writeExternal(FEConnectionCreateRequest.java:98)
at java.io.ObjectOutputStream.writeExternalData(Unknown Source)
at java.io.ObjectOutputStream.writeOrdinaryObject(Unknown Source)
at java.io.ObjectOutputStream.writeObject0(Unknown Source)
at java.io.ObjectOutputStream.writeObject(Unknown Source)
at weblogic.rjvm.MsgAbbrevOutputStream.writeObject(MsgAbbrevOutputStream.java:614)
at weblogic.rjvm.MsgAbbrevOutputStream.writeObjectWL(MsgAbbrevOutputStream.java:605)
at weblogic.rmi.internal.ObjectIO.writeObject(ObjectIO.java:38)
at weblogic.rjvm.BasicOutboundRequest.marshalArgs(BasicOutboundRequest.java:87)
... 8 more
Caused by: java.lang.NullPointerException
at weblogic.rmi.internal.BasicRuntimeDescriptor.createSkeletonClass(BasicRuntimeDescriptor.java:272)
at weblogic.rmi.internal.BasicRuntimeDescriptor.<init>(BasicRuntimeDescriptor.java:158)
at weblogic.rmi.internal.BasicRuntimeDescriptor.<init>(BasicRuntimeDescriptor.java:140)
at weblogic.rmi.internal.DescriptorManager.createRuntimeDescriptor(DescriptorManager.java:110)
... 30 more
FYI: I did create the wlfullclient.jar from the installation.
Could the problem be related to a proxy issue? It's not a DNS problem (I've tested with the IP address).
Thanks,
BrianI had this very same issue, in a project I was importing directly individual jars:
<classpathentry kind="lib" path="lib/javax.jms_1.1.1.jar"/>
<classpathentry kind="lib" path="lib/weblogic.jar"/>
<classpathentry kind="lib" path="lib/com.bea.core.weblogic.security.identity_1.1.2.1.jar"/>
<classpathentry kind="lib" path="lib/com.bea.core.weblogic.workmanager_1.9.0.0.jar"/>
<classpathentry kind="lib" path="lib/com.bea.core.weblogic.workmanager.ja_1.9.0.0.jar"/>
<classpathentry kind="lib" path="lib/com.bea.core.transaction_2.7.0.0.jar"/>
<classpathentry kind="lib" path="lib/com.bea.core.weblogic.rmi.client.ja_1.8.0.0.jar"/>
<classpathentry kind="lib" path="lib/com.bea.core.weblogic.rmi.client_1.8.0.0.jar"/>
<classpathentry kind="lib" path="lib/com.bea.core.weblogic.security.wls_1.0.0.0_6-1-0-0.jar"/>
<classpathentry kind="lib" path="lib/com.bea.core.utils.full_1.9.0.0.jar"/>
<classpathentry kind="lib" path="lib/com.bea.core.weblogic.security_1.0.0.0_6-1-0-0.jar"/>
<classpathentry kind="lib" path="lib/wlclient.jar"/>
<classpathentry kind="lib" path="lib/com.bea.core.utils.classloaders_1.8.0.0.jar"/>
<classpathentry kind="lib" path="lib/com.bea.core.management.core_2.8.0.0.jar"/>
<classpathentry kind="lib" path="lib/com.bea.core.descriptor_1.9.0.0.jar"/>
<classpathentry kind="lib" path="lib/com.bea.core.logging_1.8.0.0.jar"/>
<classpathentry kind="lib" path="lib/com.bea.core.timers_1.7.0.0.jar"/>
<classpathentry kind="lib" path="lib/com.bea.core.weblogic.socket.api_1.2.0.0.jar"/>
<classpathentry kind="lib" path="lib/com.bea.core.weblogic.security.digest_1.0.0.0.jar"/>
<classpathentry kind="lib" path="lib/com.bea.core.weblogic.lifecycle_1.4.0.0.jar"/>
<classpathentry kind="lib" path="lib/com.bea.core.store_1.7.0.0.jar"/>
<classpathentry kind="lib" path="lib/com.bea.core.common.security.api_1.0.0.0_6-1-0-0.jar"/>
<classpathentry kind="lib" path="lib/com.bea.core.utils.wrapper_1.4.0.0.jar"/>
<classpathentry kind="lib" path="lib/com.bea.core.messaging.kernel_1.8.0.0.jar"/>
<classpathentry kind="lib" path="lib/com.bea.core.utils.expressions_1.4.0.0.jar"/>
and everything was working;
in another project I was importing the "Weblogic System Libraries" libraries, and I was getting the NullPointerException...
I have the sensation that there is room for improvement in the way libraries are managed. -
Weblogic JMS Client App supporting FSContext?
Can a Weblogic JMS Client app use a different JNDI Initial Context such as Sun's File System Context (com.sun.jndi.fscontext.RefFSContextFactory), instead of the Weblogic Initial Context (weblogic.jndi.WLInitialContextFactory)??
BrianYou need to find a way to bind WLS-JMS objects to the FSContext JNDI provider (e.g., programmaticly). JNDI is a standard and you can use any compliant provider.
The other way around, in WLS you can configure a foreign JNDI provider or foreign JMS server that allow you to lookup objects from a foreign jndi tree via WLS jndi. -
Weblogic app server wsdl web service call with SSL Validation error = 16
Weblogic app server wsdl web service call with SSL Validation error = 16
I need to make wsdl web service call in my weblogic app server. The web service is provided by a 3rd party vendor. I keep getting error
Cannot complete the certificate chain: No trusted cert found
Certificate chain received from ws-eq.demo.xxx.com - xx.xxx.xxx.156 was not trusted causing SSL handshake failure
Validation error = 16
From the SSL debug log, I can see 3 verisign hierarchy certs are correctly loaded (see 3 lines in the log message starting with “adding as trusted cert”). But somehow after first handshake, I got error “Cannot complete the certificate chain: No trusted cert found”.
Here is how I load trustStore and keyStore in my java program:
System.setProperty("javax.net.ssl.trustStore",”cacerts”);
System.setProperty("javax.net.ssl.trustStorePassword", trustKeyPasswd);
System.setProperty("javax.net.ssl.trustStoreType","JKS");
System.setProperty("javax.net.ssl.keyStoreType","JKS");
System.setProperty("javax.net.ssl.keyStore", keyStoreName);
System.setProperty("javax.net.ssl.keyStorePassword",clientCertPwd); System.setProperty("com.sun.xml.ws.transport.http.client.HttpTransportPipe.dump","true");
Here is how I create cacerts using verisign hierarchy certs (in this order)
1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignClass3G5PCA3Root.txt -alias "Verisign Class3 G5P CA3 Root"
1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignC3G5IntermediatePrimary.txt -alias "Verisign C3 G5 Intermediate Primary"
1.6.0_29/jre/bin/keytool -import -trustcacerts -keystore cacerts -storepass changeit -file VerisignC3G5IntermediateSecondary.txt -alias "Verisign C3 G5 Intermediate Secondary"
Because my program is a weblogic app server, when I start the program, I have java command line options set as:
-Dweblogic.security.SSL.trustedCAKeyStore=SSLTrust.jks
-Dweblogic.security.SSL.ignoreHostnameVerification=true
-Dweblogic.security.SSL.enforceConstraints=strong
That SSLTrust.jks is the trust certificate from our web server which sits on a different box. In our config.xml file, we also refer to the SSLTrust.jks file when we bring up the weblogic app server.
In addition, we have working logic to use some other wsdl web services from the same vendor on the same SOAP server. In the working web service call flows, we use clientgen to create client stub, and use SSLContext and WLSSLAdapter to load trustStore and keyStore, and then bind the SSLContext and WLSSLAdapter objects to the webSerive client object and make the webservie call. For the new wsdl file, I am told to use wsimport to create client stub. In the client code created, I don’t see any way that I can bind SSLContext and WLSSLAdapter objects to the client object, so I have to load certs by settting system pramaters. Here I attached the the wsdl file.
I have read many articles. It seems as long as I can install the verisign certs correctly to web logic server, I should have fixed the problem. Now the questions are:
1. Do I create “cacerts” the correct order with right keeltool options?
2. Since command line option “-Dweblogic.security.SSL.trustedCAKeyStore” is used for web server jks certificate, will that cause any problem for me?
3. Is it possible to use wsimport to generate client stub that I can bind SSLContext and WLSSLAdapter objects to it?
4. Do I need to put the “cacerts” to some specific weblogic directory?
---------------------------------wsdl file
<wsdl:definitions name="TokenServices" targetNamespace="http://tempuri.org/" xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/" xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap12="http://schemas.xmlsoap.org/wsdl/soap12/" xmlns:tns="http://tempuri.org/" xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/08/addressing" xmlns:wsp="http://schemas.xmlsoap.org/ws/2004/09/policy" xmlns:wsap="http://schemas.xmlsoap.org/ws/2004/08/addressing/policy" xmlns:wsaw="http://www.w3.org/2006/05/addressing/wsdl" xmlns:msc="http://schemas.microsoft.com/ws/2005/12/wsdl/contract" xmlns:wsa10="http://www.w3.org/2005/08/addressing" xmlns:wsx="http://schemas.xmlsoap.org/ws/2004/09/mex" xmlns:wsam="http://www.w3.org/2007/05/addressing/metadata">
<wsp:Policy wsu:Id="TokenServices_policy">
<wsp:ExactlyOne>
<wsp:All>
<sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
<wsp:Policy>
<sp:TransportToken>
<wsp:Policy>
<sp:HttpsToken RequireClientCertificate="true"/>
</wsp:Policy>
</sp:TransportToken>
<sp:AlgorithmSuite>
<wsp:Policy>
<sp:Basic256/>
</wsp:Policy>
</sp:AlgorithmSuite>
<sp:Layout>
<wsp:Policy>
<sp:Strict/>
</wsp:Policy>
</sp:Layout>
</wsp:Policy>
</sp:TransportBinding>
<wsaw:UsingAddressing/>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy>
<wsdl:types>
<xsd:schema targetNamespace="http://tempuri.org/Imports">
<xsd:import schemaLocation="xsd0.xsd" namespace="http://tempuri.org/"/>
<xsd:import schemaLocation="xsd1.xsd" namespace="http://schemas.microsoft.com/2003/10/Serialization/"/>
</xsd:schema>
</wsdl:types>
<wsdl:message name="ITokenServices_GetUserToken_InputMessage">
<wsdl:part name="parameters" element="tns:GetUserToken"/>
</wsdl:message>
<wsdl:message name="ITokenServices_GetUserToken_OutputMessage">
<wsdl:part name="parameters" element="tns:GetUserTokenResponse"/>
</wsdl:message>
<wsdl:message name="ITokenServices_GetSSOUserToken_InputMessage">
<wsdl:part name="parameters" element="tns:GetSSOUserToken"/>
</wsdl:message>
<wsdl:message name="ITokenServices_GetSSOUserToken_OutputMessage">
<wsdl:part name="parameters" element="tns:GetSSOUserTokenResponse"/>
</wsdl:message>
<wsdl:portType name="ITokenServices">
<wsdl:operation name="GetUserToken">
<wsdl:input wsaw:Action="http://tempuri.org/ITokenServices/GetUserToken" message="tns:ITokenServices_GetUserToken_InputMessage"/>
<wsdl:output wsaw:Action="http://tempuri.org/ITokenServices/GetUserTokenResponse" message="tns:ITokenServices_GetUserToken_OutputMessage"/>
</wsdl:operation>
<wsdl:operation name="GetSSOUserToken">
<wsdl:input wsaw:Action="http://tempuri.org/ITokenServices/GetSSOUserToken" message="tns:ITokenServices_GetSSOUserToken_InputMessage"/>
<wsdl:output wsaw:Action="http://tempuri.org/ITokenServices/GetSSOUserTokenResponse" message="tns:ITokenServices_GetSSOUserToken_OutputMessage"/>
</wsdl:operation>
</wsdl:portType>
<wsdl:binding name="TokenServices" type="tns:ITokenServices">
<wsp:PolicyReference URI="#TokenServices_policy"/>
<soap12:binding transport="http://schemas.xmlsoap.org/soap/http"/>
<wsdl:operation name="GetUserToken">
<soap12:operation soapAction="http://tempuri.org/ITokenServices/GetUserToken" style="document"/>
<wsdl:input>
<soap12:body use="literal"/>
</wsdl:input>
<wsdl:output>
<soap12:body use="literal"/>
</wsdl:output>
</wsdl:operation>
<wsdl:operation name="GetSSOUserToken">
<soap12:operation soapAction="http://tempuri.org/ITokenServices/GetSSOUserToken" style="document"/>
<wsdl:input>
<soap12:body use="literal"/>
</wsdl:input>
<wsdl:output>
<soap12:body use="literal"/>
</wsdl:output>
</wsdl:operation>
</wsdl:binding>
<wsdl:service name="TokenServices">
<wsdl:port name="TokenServices" binding="tns:TokenServices">
<soap12:address location="https://ws-eq.demo.i-deal.com/PhxEquity/TokenServices.svc"/>
<wsa10:EndpointReference>
<wsa10:Address>https://ws-eq.demo.xxx.com/PhxEquity/TokenServices.svc</wsa10:Address>
</wsa10:EndpointReference>
</wsdl:port>
</wsdl:service>
</wsdl:definitions>
----------------------------------application log
adding as trusted cert:
Subject: CN=VeriSign Class 3 International Server CA - G3, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x641be820ce020813f32d4d2d95d67e67
Valid from Sun Feb 07 19:00:00 EST 2010 until Fri Feb 07 18:59:59 EST 2020
adding as trusted cert:
Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x3c9131cb1ff6d01b0e9ab8d044bf12be
Valid from Sun Jan 28 19:00:00 EST 1996 until Wed Aug 02 19:59:59 EDT 2028
adding as trusted cert:
Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
Algorithm: RSA; Serial number: 0x250ce8e030612e9f2b89f7054d7cf8fd
Valid from Tue Nov 07 19:00:00 EST 2006 until Sun Nov 07 18:59:59 EST 2021
<Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Ignoring not supported JCE Cipher: SunPKCS11-Solaris version 1.6 for algorithm DESede/CBC/NoPadding>
<Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Will use default Cipher for algorithm DESede>
<Mar 7, 2013 6:59:21 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Using JCE Cipher: SunJCE version 1.6 for algorithm RSA/ECB/NoPadding>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSetup: loading trusted CA certificates>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 28395435>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 115>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <25779276 SSL3/TLS MAC>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <25779276 received HANDSHAKE>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 2400410601231772600606506698552332774
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
Not Valid Before:Tue Dec 18 19:00:00 EST 2012
Not Valid After:Wed Jan 07 18:59:59 EST 2015
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 133067699711757643302127248541276864103
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Not Valid Before:Sun Feb 07 19:00:00 EST 2010
Not Valid After:Fri Feb 07 18:59:59 EST 2020
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 2400410601231772600606506698552332774
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
Not Valid Before:Tue Dec 18 19:00:00 EST 2012
Not Valid After:Wed Jan 07 18:59:59 EST 2015
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 133067699711757643302127248541276864103
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Not Valid Before:Sun Feb 07 19:00:00 EST 2010
Not Valid After:Fri Feb 07 18:59:59 EST 2020
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
<Mar 7, 2013 6:59:22 PM EST> <Warning> <Security> <BEA-090477> <Certificate chain received from ws-eq.demo.xxx.com - xx.xxx.xxx.156 was not trusted causing SSL handshake failure.>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:100)
at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:296)
at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
at javax.xml.ws.Service.<init>(Service.java:56)
at ideal.ws2j.eqtoken.TokenServices.<init>(TokenServices.java:64)
at com.citi.ilrouter.util.IpreoEQSSOClient.invokeRpcPortalToken(IpreoEQSSOClient.java:165)
at com.citi.ilrouter.servlets.T3LinkServlet.doPost(T3LinkServlet.java:168)
at com.citi.ilrouter.servlets.T3LinkServlet.doGet(T3LinkServlet.java:206)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(Unknown Source)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.execute(Unknown Source)
at weblogic.servlet.internal.ServletRequestImpl.run(Unknown Source)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 6457753>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 6457753>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.removeContext(ctx): 22803607>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Filtering JSSE SSLSocket>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLIOContextTable.addContext(ctx): 14640403>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLSocket will be Muxing>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write HANDSHAKE, offset = 0, length = 115>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <isMuxerActivated: false>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <23376797 SSL3/TLS MAC>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <23376797 received HANDSHAKE>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: ServerHello>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <HANDSHAKEMESSAGE: Certificate>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Cannot complete the certificate chain: No trusted cert found>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 0 in the chain: Serial number: 2400410601231772600606506698552332774
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
Not Valid Before:Tue Dec 18 19:00:00 EST 2012
Not Valid After:Wed Jan 07 18:59:59 EST 2015
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validating certificate 1 in the chain: Serial number: 133067699711757643302127248541276864103
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Not Valid Before:Sun Feb 07 19:00:00 EST 2010
Not Valid After:Fri Feb 07 18:59:59 EST 2020
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <validationCallback: validateErr = 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[0] = Serial number: 2400410601231772600606506698552332774
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Subject:C=US, ST=New York, L=New York, O=xxx LLC, OU=GTIG, CN=ws-eq.demo.xxx.com
Not Valid Before:Tue Dec 18 19:00:00 EST 2012
Not Valid After:Wed Jan 07 18:59:59 EST 2015
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> < cert[1] = Serial number: 133067699711757643302127248541276864103
Issuer:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
Subject:C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 International Server CA - G3
Not Valid Before:Sun Feb 07 19:00:00 EST 2010
Not Valid After:Fri Feb 07 18:59:59 EST 2020
Signature Algorithm:SHA1withRSA
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <weblogic user specified trustmanager validation status 16>
<Mar 7, 2013 6:59:22 PM EST> <Warning> <Security> <BEA-090477> <Certificate chain received from ws-eq.demo.xxx.com - 12.29.210.156 was not trusted causing SSL handshake failure.>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Validation error = 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Certificate chain is untrusted>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <SSLTrustValidator returns: 16>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <Trust status (16): CERT_CHAIN_UNTRUSTED>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <NEW ALERT with Severity: FATAL, Type: 42
java.lang.Exception: New alert stack
at com.certicom.tls.record.alert.Alert.<init>(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.fireAlert(Unknown Source)
at com.certicom.tls.record.handshake.ClientStateReceivedServerHello.handle(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessage(Unknown Source)
at com.certicom.tls.record.handshake.HandshakeHandler.handleHandshakeMessages(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.interpretContent(Unknown Source)
at com.certicom.tls.record.MessageInterpreter.decryptMessage(Unknown Source)
at com.certicom.tls.record.ReadHandler.processRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readRecord(Unknown Source)
at com.certicom.tls.record.ReadHandler.readUntilHandshakeComplete(Unknown Source)
at com.certicom.tls.interfaceimpl.TLSConnectionImpl.completeHandshake(Unknown Source)
at com.certicom.tls.record.WriteHandler.write(Unknown Source)
at com.certicom.io.OutputSSLIOStreamWrapper.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:65)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:123)
at java.io.FilterOutputStream.flush(FilterOutputStream.java:123)
at weblogic.net.http.HttpURLConnection.writeRequests(HttpURLConnection.java:154)
at weblogic.net.http.HttpURLConnection.getInputStream(HttpURLConnection.java:358)
at weblogic.net.http.SOAPHttpsURLConnection.getInputStream(SOAPHttpsURLConnection.java:37)
at weblogic.wsee.util.is.InputSourceUtil.loadURL(InputSourceUtil.java:100)
at weblogic.wsee.util.dom.DOMParser.getWebLogicDocumentImpl(DOMParser.java:118)
at weblogic.wsee.util.dom.DOMParser.getDocument(DOMParser.java:65)
at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:311)
at weblogic.wsee.wsdl.WsdlReader.getDocument(WsdlReader.java:305)
at weblogic.wsee.jaxws.spi.WLSProvider.readWSDL(WLSProvider.java:296)
at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:77)
at weblogic.wsee.jaxws.spi.WLSProvider.createServiceDelegate(WLSProvider.java:62)
at javax.xml.ws.Service.<init>(Service.java:56)
at ideal.ws2j.eqtoken.TokenServices.<init>(TokenServices.java:64)
at com.citi.ilrouter.util.IpreoEQSSOClient.invokeRpcPortalToken(IpreoEQSSOClient.java:165)
at com.citi.ilrouter.servlets.T3LinkServlet.doPost(T3LinkServlet.java:168)
at com.citi.ilrouter.servlets.T3LinkServlet.doGet(T3LinkServlet.java:206)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(Unknown Source)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(Unknown Source)
at weblogic.servlet.internal.WebAppServletContext.execute(Unknown Source)
at weblogic.servlet.internal.ServletRequestImpl.run(Unknown Source)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <write ALERT, offset = 0, length = 2>
<Mar 7, 2013 6:59:22 PM EST> <Debug> <SecuritySSL> <BEA-000000> <close(): 16189141>I received a workaround by an internal message.
The how to guide is :
-Download the wsdl file (with bindings, not the one from ESR)
-Correct it in order that the schema corresponds to the answer (remove minOccurs or other things like this)
-Deploy the wsdl file on you a server (java web project for exemple). you can deploy on your local
-Create a new logicial destination that point to the wsdl file modified
-Change the metadata destination in your web dynpro project for the corresponding model and keep the execution desitnation as before.
Then the received data is check by the metadata logical destination but the data is retrieved from the correct server. -
Client Certificate Mapping authentication using Active Directory across trusted forests
Hi,
We currently have a setup where the on-premises environment and the cloud environment are based on two separate forests linked by a 1-way trust, i.e., the exist in the on-premises AD and the 1-way trust allows them to use their
credentials to login to a cloud domain joined server. This works fine with the Windows authentication.
We are now looking at implementing a 2-Factor authentication using Certificate. The PKI infrastructure exists in the On-Premises Forest. The users are able to successfully login to on-premise servers configured with "AD CLient Certificate
Mapping".
However, we are unable to achieve the same functionality on the cloud domain joined servers. I would like to know
1. Is this possible?
2. If yes, what do we need to do to make this work.
Just to clarify, we are able to authenticate using certificates by enabling anonymous authentication. However, we are unable to do the same after turning on "Client Certificate Mapping authentication using Active Directory"1. Yes!
2. Before answering this I need to know if your are trying to perform a smart card logon on a desktop/console or if you just want to use certificate based authentication in an application like using a web application with client certificate requirements
and mapping?
/Hasain
We will eventually need it for smartcard logon on to desktop/console. However, at present, I am trying to use this for certificate based authentication on a web application.
To simulate the scenario, I setup up two separate forests and established a trust between them.
I then setup a Windows PKI in one of the forests and issued a client certificate to a user.
I then setup a web server in both the forests and configured them for anonymous authentication with Client SSL requirement configured.
I setup a test ASP page to capture the Login Info on both the servers.
With the client and the server in the same forest, I got the following results
Login Info
LOGON_USER: CORP\ASmith
AUTH_USER: CORP\ASmith
AUTH_TYPE: SSL/PCT
With the client in the domain with the PKI and the server in the other Forest, I got the following response
Login Info
LOGON_USER:
AUTH_USER:
AUTH_TYPE:
I tried the configuration with the Anonymous Authentication turned off and the AD CLient Certificate mapping turned on.
With the client and the server in the same forest, I am able to login to the default page. However, with the server in a trusted forest, I get the following error.
401 - Unauthorized: Access is denied due to invalid credentials.
You do not have permission to view this directory or page using the credentials that you supplied -
OAM (10.1.4.3) Integration with WebLogic App Server (10.3.0 or below)
Hi All,
Can I use OAM 10.1.4.3 (Authentication Provider & Identity Asserter) to implement SSO with weblogic App Server 10.3.0 or below?
OAM 10.1.4.3 Authentication Provider & Identity Asserter is the recommended way to configure SSO with Web Logic App server 10.3.1 ( Oracle Middleware 11g).
And
OAM 10.1.4.2 uses WebLogic SSPI to configure SSO between OAM 10g and WebLogic App Server 10.3.0 or below.Hi,
This is how the integration goes with different versions of WLS and OAM.
There is oamAuthnProvider.jar available with OAM 10.1.4.3 downloads. So it provides the assertion functionality.
Can I use OAM 10.1.4.3 (Authentication Provider & Identity Asserter) to implement SSO with weblogic App Server 10.3.0 or below?
Mahendra: Yes
OAM 10.1.4.3 Authentication Provider & Identity Asserter is the recommended way to configure SSO with Web Logic App server 10.3.1 ( Oracle Middleware 11g).
Mahendra: Yes, this is the recommended and easy approach.
OAM 10.1.4.2 uses WebLogic SSPI to configure SSO between OAM 10g and WebLogic App Server 10.3.0 or below.
Mahendra: Yes, older version of OAM uses SSPI connector installation.
HTH.
Mahendra. -
The test couldn't sign in to Outlook Web App due to an authentication failure. Extest_ account.
Hi.
I'm using SCOM 2012 R2 and have imported the Exchange server 2010 MP.
I have runned the TestCasConnectivityUser.ps1 script and almost everything is okay except for the OWA test login.
The OWA rule is working for some time until (I think) SCOM is doing a automatic password reset of the extest_ account. Then I get the OWA error below. The other test connectivity are working. Any suggestions.
One or more of the Outlook Web App connectivity tests had warnings. Detailed information:
Target: xxx|xxx
Error: The test couldn't sign in to Outlook Web App due to an authentication failure.
URL: https://xxx.com/OWA/
Mailbox: xxxx
User: extest_xxx
Details:
[22:50:08.936] : The TrustAnySSLCertificate flag was specified, so any certificate will be trusted.
[22:50:08.936] : Sending the HTTP GET logon request without credentials for authentication type verification.
[22:50:09.154] : The HTTP request succeeded with result code 200 (OK).
[22:50:09.154] : The sign-in page is from ISA Server, not Outlook Web App.
[22:50:09.154] : The server reported that it supports authentication method FBA.
[22:50:09.154] : This virtual directory URL type is External or Unknown, so the authentication type won't be checked.
[22:50:09.154] : Trying to sign in with method 'Fba'.
[22:50:09.154] : Sending HTTP request for logon page 'https://xxx.com/CookieAuth.dll?Logon'.
[22:50:09.154] : The HTTP request succeeded with result code 200 (OK).
[22:50:09.373] : The test couldn't sign in to Outlook Web App due to an authentication failure.
URL: https://xxx.com/OWA/
Mailbox: xxx
User: extest_xxx
[22:50:09.373] : Test failed for URL 'https://xxx/OWA/'.
Authentication Method: FBA
Mailbox Server: xxx
Client Access Server Name: xxx
Scenario: Logon
Scenario Description: Sign in to Outlook Web App and verify the response page.
User Name: extest_xxx
Performance Counter Name: Logon Latency
Result: Skipped
Site: xxx
Latency: -00:00:00.0010000
Secure Access: True
ConnectionType: Plaintext
Port: 0
Latency (ms): -1
Virtual Directory Name: owa (Default Web Site)
URL: https://xxx.com/OWA/
URL Type: External
Error:
The test couldn't sign in to Outlook Web App due to an authentication failure.
URL: https://xxx.com/OWA/
Mailbox: xxx
User: extest_xxx
Diagnostic command: "Test-OwaConnectivity -TestType:External -MonitoringContext:$true -TrustAnySSLCertificate:$true -LightMode:$true"
EventSourceName: MSExchange Monitoring OWAConnectivity External
Knowledge:
http://go.microsoft.com/fwlink/?LinkID=67336&id=CB86B85A-AF81-43FC-9B07-3C6FC00D3D42
Computer: xxx
Impacted Entities (3):
OWA Service - xxx, xxx - xxx, Exchange
Knowledge: View additional knowledge...
External Knowledge Sources
For more information, see the respective topic at the Microsoft Exchange Server TechCenter
Thanks
MHemHi,
Based on the error, it looks like an OWA authentication failure.
Have you tried post this to LYNC forums?
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Help !! its urgent !!! HTTPS to HTTP switching in weblogic App server !!
Hi,
I am using servlets in Weblogic Server environemt. My client (browser based) switches
from HTTPS to HTTP and vice versa while accessing different servlets.
In IE application works fine but when using Netscape it fails in many parts .
I have read that there is a fix for Netscape , it goes like this
" Question : When a Netscape browser starts a session with WebLogic Server on an
HTTP page and then moves to an HTTPS page, a new session is created. How can I preserve
the session while switching to or from HTTPS?
Answer : The cookie WebLogic Server sends includes the port number. When the Netscape
browser sees a cookie with a different port number, it assumes the destination is
a different server, so it does not return the cookie to WebLogic Server. The way
to prevent this is to specify the domain name that WebLogic Server writes in the
cookie with the weblogic.httpd.session.cookie.domain property. For example:
weblogic.httpd.session.cookie.domain=.mydomain.com "
I have tried this also by giving different versions of the above mentioned line in
weblogic.properties file
i) weblogic.httpd.session.cookie.domain=.myServerName
where myServerName is name of the machine in which Weblogic App server is runningWhich ports are you using for HTTP and HTTPS?
Robert Patrick wrote:
Is the browser talking directly to WLS or going through another web server (and the
weblogic plug-in)? In the URLs being used from the browser, do you always uss the full
machine name (e.g., mymachine.mydomain.com) or are you trying to use just the hostname
(e.g., mymachine) or the IP address?
Robert
Ajay Singh wrote:
Hi,
I am using servlets in Weblogic Server environemt. My client (browser based) switches
from HTTPS to HTTP and vice versa while accessing different servlets.
In IE application works fine but when using Netscape it fails in many parts .
I have read that there is a fix for Netscape , it goes like this
" Question : When a Netscape browser starts a session with WebLogic Server on an
HTTP page and then moves to an HTTPS page, a new session is created. How can I preserve
the session while switching to or from HTTPS?
Answer : The cookie WebLogic Server sends includes the port number. When the Netscape
browser sees a cookie with a different port number, it assumes the destination is
a different server, so it does not return the cookie to WebLogic Server. The way
to prevent this is to specify the domain name that WebLogic Server writes in the
cookie with the weblogic.httpd.session.cookie.domain property. For example:
weblogic.httpd.session.cookie.domain=.mydomain.com "
I have tried this also by giving different versions of the above mentioned line in
weblogic.properties file
i) weblogic.httpd.session.cookie.domain=.myServerName
where myServerName is name of the machine in which Weblogic App server is running -
HTTPS to HTTP switching in weblogic App server
Hi,
I am using servlets in Weblogic Server environemt. My client (browser based) switches
from HTTPS to HTTP and vice versa while accessing different servlets.
In IE application works fine but when using Netscape it fails in many parts .
I have read that there is a fix for Netscape , it goes like this
" Question : When a Netscape browser starts a session with WebLogic Server on an
HTTP page and then moves to an HTTPS page, a new session is created. How can I preserve
the session while switching to or from HTTPS?
Answer : The cookie WebLogic Server sends includes the port number. When the Netscape
browser sees a cookie with a different port number, it assumes the destination is
a different server, so it does not return the cookie to WebLogic Server. The way
to prevent this is to specify the domain name that WebLogic Server writes in the
cookie with the weblogic.httpd.session.cookie.domain property. For example:
weblogic.httpd.session.cookie.domain=.mydomain.com "
I have tried this also by giving different versions of the above mentioned line in
weblogic.properties file
i) weblogic.httpd.session.cookie.domain=.myServerName
where myServerName is name of the machine in which Weblogic App server is runningtry
weblogic.httpd.session.cookie.domain=.myDomainName
where myDomainName is something like india.techspan.com, make sure you don't put
in the name of your machine. WLS doesn't care about that in this property.
"Ajay Singh" <[email protected]> wrote:
>
Hi,
I am using servlets in Weblogic Server environemt. My client (browser
based) switches
from HTTPS to HTTP and vice versa while accessing different servlets.
In IE application works fine but when using Netscape it fails in many parts
I have read that there is a fix for Netscape , it goes like this
" Question : When a Netscape browser starts a session with WebLogic Server
on an
HTTP page and then moves to an HTTPS page, a new session is created. How
can I preserve
the session while switching to or from HTTPS?
Answer : The cookie WebLogic Server sends includes the port number. When
the Netscape
browser sees a cookie with a different port number, it assumes the destination
is
a different server, so it does not return the cookie to WebLogic Server.
The way
to prevent this is to specify the domain name that WebLogic Server writes
in the
cookie with the weblogic.httpd.session.cookie.domain property. For example:
weblogic.httpd.session.cookie.domain=.mydomain.com "
I have tried this also by giving different versions of the above mentioned
line in
weblogic.properties file
i) weblogic.httpd.session.cookie.domain=.myServerName
where myServerName is name of the machine in which Weblogic App server
is running -
try
MailMessage mail = new MailMessage();
SmtpClient SmtpServer = new SmtpClient("smtp.gmail.com");
mail.From = new MailAddress("[email protected]");
mail.To.Add("[email protected]");
mail.Subject = "Test Mail..!!!!";
mail.Body = "mail with attachment";
System.Net.Mail.Attachment attachment;
attachment = new System.Net.Mail.Attachment(@"C:\Attachment.txt");
mail.Attachments.Add(attachment);
SmtpServer.Port = 587;
SmtpServer.UseDefaultCredentials = true;
SmtpServer.Credentials = new System.Net.NetworkCredential("userid", "Password");
SmtpServer.EnableSsl = true;
SmtpServer.Send(mail);
Catch(Exception exception)
When i m run this part of code it throw an Ecxeption
Given Below is the Error..
The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.5.1 Authentication Required.
Bikky Kumartry
MailMessage mail = new MailMessage();
SmtpClient SmtpServer = new SmtpClient("smtp.gmail.com");
mail.From = new MailAddress("[email protected]");
mail.To.Add("[email protected]");
mail.Subject = "Test Mail..!!!!";
mail.Body = "mail with attachment";
System.Net.Mail.Attachment attachment;
attachment = new System.Net.Mail.Attachment(@"C:\Attachment.txt");
mail.Attachments.Add(attachment);
SmtpServer.Port = 587;
SmtpServer.UseDefaultCredentials = true; ///Set it to false, or remove this line
SmtpServer.Credentials = new System.Net.NetworkCredential("userid", "Password");
SmtpServer.EnableSsl = true;
SmtpServer.Send(mail);
Catch(Exception exception)
Given Below is the Error.. The SMTP server requires a secure connection or the client was not authenticated. The server response was: 5.5.1 Authentication Required.
Solution:
The error might occur due to following cases.
case 1: when the password is wrong
case 2: when you try to login from some App
case 3: when you try to login from the domain other than your time zone/domain/computer (This
is the case in most of scenarios when sending mail from code)
There is a solution for each
solution for case 1: Enter the correct password.
Recomended: solution for case 2: go to
security settings at the following link https://www.google.com/settings/security/lesssecureapps and
enable less secure apps . So that you will be able to login from all apps.
solution 1 for case 3: (This might be helpful) you need to review the activity. but reviewing the activity will not be helpful due to latest security
standards the link will not be useful. So try the below case.
solution 2 for case 3: If you have hosted your code somewhere on production server and if you have access to the production server, than take remote
desktop connection to the production server and try to login once from the browser of the production server. This will add exception for login to google and you will be allowed to login from code.
But what if you don't have access to the production server. try
the solution 3
solution 3 for case 3: You have to enable
login from other timezone / ip for your google account.
to do this follow the link https://g.co/allowaccess and
allow access by clicking the continue button.
And that's it. Here you go. Now you will be able to login from any of the computer and by any means of app to your google account.
Regards,
Nabeel Arif -
"530 5.7.1 Client was not authenticated" Error with mail service
Hi,
I have some problem with Mail service with the Webspaces application. I have configured the Service (with MS Exchange server) with WebSpaces Application with the required IMAP, SMTP, External Application and LDAP Settings correctly. I opened the Mail Page and Logged in with the
user credentials. I am able to see the incoming mails , But when I try to send a mail I am getting the following exception. For some reason, SMTP send is failing. I did the same IMAP and SMTP settings in MS Outlook and successfully sent the mail. what could be the problem? Please repond.
oracle.webcenter.collab.mail.MailException: Failed to send the message with subject "Test". Further information: 530 5.7.1 Client was not authenticated
at oracle.webcenter.collab.mail.MailSession.sendMessage(MailSession.java:864)
at oracle.webcenter.collab.mail.view.backing.MessageHandler.sendMessage(MessageHandler.java:528)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.el.parser.AstValue.invoke(AstValue.java:157)
at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283)
at org.apache.myfaces.trinidadinternal.taglib.util.MethodExpressionMethodBinding.invoke(MethodExpressionMethodBinding.java:53)
at org.apache.myfaces.trinidad.component.UIXComponentBase.broadcastToMethodBinding(UIXComponentBase.java:1245)
at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:183)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91)
at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:87)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent$1.run(ContextSwitchingComponent.java:87)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent._processPhase(ContextSwitchingComponent.java:298)
at oracle.adf.view.rich.component.fragment.ContextSwitchingComponent.broadcast(ContextSwitchingComponent.java:91)
at oracle.adf.view.rich.component.fragment.UIXInclude.broadcast(UIXInclude.java:81)
at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:475)
at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:756)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._invokeApplication(LifecycleImpl.java:673)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl._executePhase(LifecycleImpl.java:273)
at oracle.adfinternal.view.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:165)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.portlet.client.adapter.adf.ADFPortletFilter.doFilter(ADFPortletFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.webcenter.webcenterapp.internal.view.webapp.WebCenterShellPageRedirectionFilter.doFilter(WebCenterShellPageRedirectionFilter.java:210)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:191)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.webcenter.webcenterapp.internal.view.webapp.WebCenterShellFilter.doFilter(WebCenterShellFilter.java:603)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.view.page.editor.webapp.WebCenterComposerFilter.doFilter(WebCenterComposerFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.share.http.ServletADFFilter.doFilter(ServletADFFilter.java:65)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adfinternal.view.faces.webapp.rich.RegistrationFilter.doFilter(RegistrationFilter.java:85)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420)
at oracle.adfinternal.view.faces.activedata.AdsFilter.doFilter(AdsFilter.java:54)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl$FilterListChain.doFilter(TrinidadFilterImpl.java:420)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:247)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:157)
at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.adf.library.webapp.LibraryFilter.doFilter(LibraryFilter.java:159)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.security.jps.wls.JpsWlsFilter$1.run(JpsWlsFilter.java:96)
at oracle.security.jps.util.JpsSubject.doAsPrivileged(JpsSubject.java:313)
at oracle.security.jps.wls.util.JpsWlsUtil.runJaasMode(JpsWlsUtil.java:146)
at oracle.security.jps.wls.JpsWlsFilter.doFilter(JpsWlsFilter.java:140)
at oracle.security.jps.ee.http.JpsFilter.doFilter(JpsFilter.java:70)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.webcenter.webcenterapp.internal.view.webapp.WebCenterLocaleWrapperFilter.processFilters(WebCenterLocaleWrapperFilter.java:256)
at oracle.webcenter.webcenterapp.internal.view.webapp.WebCenterLocaleWrapperFilter.doFilter(WebCenterLocaleWrapperFilter.java:215)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at oracle.dms.wls.DMSServletFilter.doFilter(DMSServletFilter.java:202)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.RequestEventsFilter.doFilter(RequestEventsFilter.java:27)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:56)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3588)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2200)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2106)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1428)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: com.sun.mail.smtp.SMTPSendFailedException: 530 5.7.1 Client was not authenticated
at com.sun.mail.smtp.SMTPTransport.issueSendCommand(SMTPTransport.java:1388)
at com.sun.mail.smtp.SMTPTransport.mailFrom(SMTPTransport.java:959)
at com.sun.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:583)
at oracle.webcenter.collab.mail.MailSession.sendMessage(MailSession.java:850)
Edited by: indra_owc on Jan 9, 2010 6:14 PMThe server probably wants you to use the STARTTLS command before you authenticate.
See the com.sun.mail.smtp package javadocs for the property to set to enable that. -
Email Notification - ERROR: 530 5.7.1 Client was not authenticated
Hi People!
I am receiving the follows error when I run scheduled task. Also, I used Javamail and I have the same problem. The problem: MAIL FROM isn´t authenticating. How can I solve it?
Other question: How can I configure Email Notification in debug?
Thanks!
API Code (Schedule task)
this.dataProvider = getDataBase();
tcEmailNotificationUtil emaildef = new tcEmailNotificationUtil(dataProvider);
emaildef.setSubject("User: " + s2);
emaildef.setFromAddress(fromaddr);
emaildef.setBody("OIM has detected a modify in Active Directory. " );
emaildef.sendEmail(toaddr);
System Configuration->XL.MailServer=Email Server
IT Resource 'Email server'
Name Email Server
Auth : true
Server name : exchange server name
User name : <domain name>\User name
Password :: Password of that user
ERROR
ERROR,11 Jan 2011 18:18:00,375,[XELLERATE.REQUESTS],Class/Method: tcEmailNotificationUtil/sendEmail encounter some problems: 530 5.7.1 Client was not authenticated
com.sun.mail.smtp.SMTPSendFailedException: 530 5.7.1 Client was not authenticated
at com.sun.mail.smtp.SMTPTransport.issueSendCommand(SMTPTransport.java:1388)
at com.sun.mail.smtp.SMTPTransport.mailFrom(SMTPTransport.java:959)
at com.sun.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:583)
at javax.mail.Transport.send0(Transport.java:169)
at javax.mail.Transport.send(Transport.java:98)
at com.thortech.xl.dataobj.util.tcEmailNotificationUtil.sendEmail(Unknown Source)
at com.thortech.xl.schedule.tasks.ActiveDirectoryReconTask.processUserChange(ActiveDirectoryReconTask.java:657)
at com.thortech.xl.schedule.tasks.ActiveDirectoryReconTask.processBatch(ActiveDirectoryReconTask.java:341)
at com.thortech.xl.integration.ActiveDirectory.tcADUtilLDAPController.searchResultPageEnum(Unknown Source)
at com.thortech.xl.schedule.tasks.ActiveDirectoryReconTask.performReconciliation(ActiveDirectoryReconTask.java:248)
at com.thortech.xl.schedule.tasks.ActiveDirectoryReconTask.execute(ActiveDirectoryReconTask.java:97)
at com.thortech.xl.scheduler.tasks.SchedulerBaseTask.run(Unknown Source)
at com.thortech.xl.scheduler.core.quartz.QuartzWrapper$TaskExecutionAction.run(Unknown Source)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(Unknown Source)
at weblogic.security.Security.runAs(Security.java:41)
at Thor.API.Security.LoginHandler.weblogicLoginSession.runAs(Unknown Source)
at com.thortech.xl.scheduler.core.quartz.QuartzWrapper.execute(Unknown Source)
at org.quartz.core.JobRunShell.run(JobRunShell.java:178)
at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:477)
--------------------------------------------------------------------------------Thanks Justin,
for all your help and support.
there was some settings to be done in the exchange server. and today the system admin co-operated with me and did the changes in the exchange.
now the messaging is working fine.
Thanks,
Rashed -
Unable to create SASL client connection for authentication mechanism [PLAIN
I have problem to use dscc to admin my ds/dps servers, since I the dscc can't contact dscc agent. Though the agent is running on the default port number with network-bind-port of 0.0.0.0, there is nothing I can do to fix it.
I debug the problem, and found following errors in server.log under dscc (deployed on SUN AS 8.2):
Message: Unable to create SASL client connection for authentication mechanism [PLAIN]|#]
[#|2007-08-21T15:28:40.252-0400|INFO|sun-appserver-pe8.2|javax.enterprise.system.stream.out|_ThreadID=11;|
15:28:40 | httpWorkerThread-8080-0 | com.sun.web.admin.directory.dcc.util.ViewBeanUtils:appendDebugLine | com.sun.jmx.remote.opt.security.SASLClientHandler.initialize(SASLClientHandler.java:124)|#]
[#|2007-08-21T15:28:40.253-0400|INFO|sun-appserver-pe8.2|javax.enterprise.system.stream.out|_ThreadID=11;|
15:28:40 | httpWorkerThread-8080-0 | com.sun.web.admin.directory.dcc.util.ViewBeanUtils:appendDebugLine | com.sun.jmx.remote.opt.security.AdminClient.connectionOpen(AdminClient.java:131)|#]
[#|2007-08-21T15:28:40.254-0400|INFO|sun-appserver-pe8.2|javax.enterprise.system.stream.out|_ThreadID=11;|
15:28:40 | httpWorkerThread-8080-0 | com.sun.web.admin.directory.dcc.util.ViewBeanUtils:appendDebugLine | com.sun.jmx.remote.generic.ClientSynchroMessageConnectionImpl.connect(ClientSynchroMessageConnectionImpl.java:71)|#]
[#|2007-08-21T15:28:40.256-0400|INFO|sun-appserver-pe8.2|javax.enterprise.system.stream.out|_ThreadID=11;|
15:28:40 | httpWorkerThread-8080-0 | com.sun.web.admin.directory.dcc.util.ViewBeanUtils:appendDebugLine | javax.management.remote.generic.GenericConnector.connect(GenericConnector.java:177)|#]
[#|2007-08-21T15:28:40.257-0400|INFO|sun-appserver-pe8.2|javax.enterprise.system.stream.out|_ThreadID=11;|
15:28:40 | httpWorkerThread-8080-0 | com.sun.web.admin.directory.dcc.util.ViewBeanUtils:appendDebugLine | javax.management.remote.jmxmp.JMXMPConnector.connect(JMXMPConnector.java:119)|#]
[#|2007-08-21T15:28:40.258-0400|INFO|sun-appserver-pe8.2|javax.enterprise.system.stream.out|_ThreadID=11;|
15:28:40 | httpWorkerThread-8080-0 | com.sun.web.admin.directory.dcc.util.ViewBeanUtils:appendDebugLine | javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:248)|#]
[#|2007-08-21T15:28:40.260-0400|INFO|sun-appserver-pe8.2|javax.enterprise.system.stream.out|_ThreadID=11;|
15:28:40 | httpWorkerThread-8080-0 | com.sun.web.admin.directory.dcc.util.ViewBeanUtils:appendDebugLine | com.sun.directory.nquickclient.NquickClient.getJmxConnector(NquickClient.java:816)|#]
[#|2007-08-21T15:28:40.261-0400|INFO|sun-appserver-pe8.2|javax.enterprise.system.stream.out|_ThreadID=11;|
15:28:40 | httpWorkerThread-8080-0 | com.sun.web.admin.directory.dcc.util.ViewBeanUtils:appendDebugLine | com.sun.directory.nquickclient.NquickClient.getConnector(NquickClient.java:519)|#]
[#|2007-08-21T15:28:40.262-0400|INFO|sun-appserver-pe8.2|javax.enterprise.system.stream.out|_ThreadID=11;|
15:28:40 | httpWorkerThread-8080-0 | com.sun.web.admin.directory.dcc.util.ViewBeanUtils:appendDebugLine | com.sun.directory.nquickclient.NquickClient.getConnectorSystemAuthentication(NquickClient.java:314)|#]
[#|2007-08-21T15:28:40.263-0400|INFO|sun-appserver-pe8.2|javax.enterprise.system.stream.out|_ThreadID=11;|
15:28:40 | httpWorkerThread-8080-0 | com.sun.web.admin.directory.dcc.util.ViewBeanUtils:appendDebugLine | com.sun.directory.dcc.core.NquickPool.getSyncServerMBean(NquickPool.java:435)|#]
[#|2007-08-21T15:28:40.264-0400|INFO|sun-appserver-pe8.2|javax.enterprise.system.stream.out|_ThreadID=11;|
15:28:40 | httpWorkerThread-8080-0 | com.sun.web.admin.directory.dcc.util.ViewBeanUtils:appendDebugLine | com.sun.directory.dcc.core.NquickPool$1.run(NquickPool.java:320)|#]
[#|2007-08-21T15:28:40.271-0400|INFO|sun-appserver-pe8.2|javax.enterprise.system.stream.out|_ThreadID=11;|
15:28:40 | httpWorkerThread-8080-0 | com.sun.web.admin.directory.dcc.util.ViewBeanUtils:appendDebugLine | java.lang.Thread.run(Thread.java:534)|#]
[#|2007-08-21T15:28:40.289-0400|INFO|sun-appserver-pe8.2|javax.enterprise.system.stream.out|_ThreadID=11;|
15:28:40 | httpWorkerThread-8080-0 | com.sun.web.ui.taglib.pagetitle.CCPageTitleTag:appendPageTitleAlertAndText | Node has no attributes.|#]
[#|2007-08-21T15:28:40.293-0400|INFO|sun-appserver-pe8.2|javax.enterprise.system.stream.out|_ThreadID=11;|
15:28:40 | httpWorkerThread-8080-0 | com.sun.web.ui.taglib.pagetitle.CCPageTitleTag:appendPageActions | Could not obtain pageactions element.|#]
[#|2007-08-21T15:28:40.295-0400|INFO|sun-appserver-pe8.2|javax.enterprise.system.stream.out|_ThreadID=11;|
15:28:40 | httpWorkerThread-8080-0 | com.sun.web.ui.taglib.pagetitle.CCPageTitleTag:appendPageViewsMenu | Could not obtain pageviews element.|#]
Please help if you could figure out what's going on. Thanks!Bug ID: 6551672
Synopsis: SunAS claims "Unable to create SASL client conn for auth mechanism" and do not talk to Cacao
Work Around:
Work arround:
Change the JVM of used by App Server.
Edit the file:
/usr/appserver/config/asenv.conf
and replace
AS_JAVA="/usr/j2se"
by
AS_JAVA="/usr/java"
Then restart your AS domain. -
Client certificate based authentication
We have a JAVA web start application that needs to connect to an apache server and use client certificate based authentication. When javaws initiates a connection with apache server, it tries to retrieve the certificate/key from the PKCS12 keystore to present it to the apache server. We have made this work, however, javaws is prompting user to enter the password for accessing the keystore password. We do not want our users to enter this password and are looking into ways to either supply the password as one of the javaws deployment property or create an unprotected keystore. Both of our attempts have been unsuccessfull. We have tried the following
1. we passed the 3 discussed properties (javax.net.ssl.keyStore,
javax.net.ssl.keyStorePassword, javax.net.ssl.keyStoreType) in Java
Control Panel, according to the following procedure: open Control Panel,
select Java tab, click View under Java Applet Runtime Settings, set
values in Java Runtime Parameters table column. This operation added the
properties to the user's deployment file (in a new attribute named
deployment.javapi.jre.1.5.0_09.args, which held all 3 properties as a
value), but there was no effect (password window still popped up).
2. We setup the deployment.property file manually with the 3 attributes
[javax.net.ssl.keyStore, javax.net.ssl.keyStorePassword,
javax.net.ssl.keyStoreType], it didn't have any affect either.
3. When launching java applications you can set system properties as
part of the command line using the follwing format
"-D<property_name>=<property_value>", we failed to find the analogous in
javaws.
Has anyone got any ideas on how to workaround this problem? Really appreciate any help here.Hi, client cert auth is not realy the best way to protect your resources. It needs to install client cert on every workstation to access application. I think it conflict with javaws concept!
I have the same situation (protect resources and avoid password promt on start) and my solution is:
Using tomcat as web server:
Direct structure as follow:
/ApplicationRoot
/WEB-INF
/resources
- private.jar
- private.jnlp
/resources
- icon.png
- public.jarAs you can see there is no direct access to protected resources. All protected resources availiable only thrue ResourceProvider servlet, configured as follow (web.xml):
<servlet-mapping>
<servlet-name>ResourceProvider</servlet-name>
<url-pattern>/resources/secret/*</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>protected resources awailiable from browser</web-resource-name>
<url-pattern>/resources/secret/browser/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>somerole</role-name>
</auth-constraint>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
<security-role>
<role-name>somerole</role-name>
</security-role>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name></realm-name>
</login-config>Code your ResourceProvider servlet to grant access only if:
- Connection is secure (ssl).
- URL pattern is "/resources/secret/browser/*" and client has pass realm.
- URL pattern is "/resources/secret/javaws/secretkey/*" (where secretkey is a pin kept both by client and server)
To Install app from browser (access private.jnpl) use "/resources/secret/browser/*" url pattern and basic auth.
To download app resources configure jnlp file as follow:
<jnlp spec="1.0+" codebase="https://host:port/AppRoot/resources/" href="secret/javaws/secretkey/private.jnlp
<information>
<icon href="icon.png"/>
</information>
<resources>
<j2se version="1.6+"/>
<jar href="secret/javaws/secretkey/private.jar" />
<jar href="public.jar" />
</resources>
</jnlp>
{code}
And last you need to do is configure ssl connector on tomcat server as follow:
{code}
<Connector port="port"
scheme="https"
secure="true"
SSLEnabled="true"
clientAuth="false"
sslProtocol="TLS"
/>
{code}
Pay attention to "clientAuth" param. Set it to "false" to avoid javaws splash cert choose dialog on every app update.
Hope it help! -
Xa_open string format for PKI-based authentication
We currently create Oracle XA connections (via Tuxedo OPENINFO) with an xa_open string containing the usual user name and password for authentication. eg
"ORACLE_XA:Oracle_XA+Acc=P/scott/tiger+SesTm=60+SqlNet=LCM9IAN+ ..... etc"
I am now looking at replacing username/password authentication by a PKI-based authentication between client and server with Oracle Wallets set up in the SQL*net config. I'm not clear what changes I need to make to the XA connection method in this case. Is it simply a matter of removing the username & password from the xa_open string to leave a null Acc field? ie " .... +Acc=P//+ ..." as the Oracle Database Application Developer's Guide seems to suggest, or is there more to it ?
Thanks.We currently create Oracle XA connections (via Tuxedo OPENINFO) with an xa_open string containing the usual user name and password for authentication. eg
"ORACLE_XA:Oracle_XA+Acc=P/scott/tiger+SesTm=60+SqlNet=LCM9IAN+ ..... etc"
I am now looking at replacing username/password authentication by a PKI-based authentication between client and server with Oracle Wallets set up in the SQL*net config. I'm not clear what changes I need to make to the XA connection method in this case. Is it simply a matter of removing the username & password from the xa_open string to leave a null Acc field? ie " .... +Acc=P//+ ..." as the Oracle Database Application Developer's Guide seems to suggest, or is there more to it ?
Thanks.
Maybe you are looking for
-
MacBook pro stopped connecting to wifi
It worked fine until cable company reset modem... All other laptops, iPads, etc. still work on wifi (home network)... What happened?
-
Nav bars rollover stops working when there is a drop down menu
I am making a navigation bar bar that has about 5 links on it all with rollovers. Their is one rollover that uses a drop down menu. That rollover doesn't give me a rollover just a drop down. I want to have both happen. Also does anyone know how to ke
-
hello everyone, I currently have my ATV2 connected from HDMI to my TV for Audio&Video but I want to run just my HDMI for Video and my Fiber optics cable for my Sound. I am unable to locate in the settings where I can change my sound to Fiber optics
-
Connection Test MDX PARSER - Error
Hi, I'm installing BPC 7.0 Netweaver. When I test Connection MDX PARSER rfc in SM59 we get the following time out error: timeout during allocate / CPIC-CALL: 'ThSAPCMRCV' : cmRc=20 thRc=456 Timeout dur ERROR: timeout during allocate LOCATION: SAP-Gat
-
Changing default printing parameters.
Hi, how setting the system so that when in POs I click in "Communication method", <b>logical destination</b>, <b>print immediately</b> and <b>release after output</b> are selected in advance?